What is the severity of CVE-2018-0940?

CVE-2018-0940 has a CVSS score indicating a critical severity level, which suggests it poses a significant security risk.

How do I fix CVE-2018-0940?

To fix CVE-2018-0940, you should apply the latest security updates from Microsoft for the affected versions of Exchange Server.

What are the affected versions in CVE-2018-0940?

CVE-2018-0940 affects Microsoft Exchange Server 2010 SP3 Rollup 20, Exchange Server 2013 CU18 and CU19, Exchange Server 2013 SP1, and Exchange Server 2016 CU7 and CU8.

Can CVE-2018-0940 lead to data breaches?

Yes, CVE-2018-0940 could potentially allow attackers to gain unauthorized access to sensitive data.

Is there a workaround for CVE-2018-0940?

While the best mitigation for CVE-2018-0940 is updating to the latest version, temporarily disabling certain features may reduce risk until a patch is applied.

Vulnerability/
CVE-2018-0940

medium

6.5

14/3/2018

17/9/2024

CVE-2018-0940

First published: Wed Mar 14 2018(Updated: )

Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Exchange Server	=2010-sp3_rollup20
Microsoft Exchange Server	=2013-cumulative_update_18
Microsoft Exchange Server	=2013-cumulative_update_19
Microsoft Exchange Server	=2013-sp1
Microsoft Exchange Server	=2016-cumulative_update_7
Microsoft Exchange Server	=2016-cumulative_update_8

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0940

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-0940?
CVE-2018-0940 has a CVSS score indicating a critical severity level, which suggests it poses a significant security risk.
How do I fix CVE-2018-0940?
To fix CVE-2018-0940, you should apply the latest security updates from Microsoft for the affected versions of Exchange Server.
What are the affected versions in CVE-2018-0940?
CVE-2018-0940 affects Microsoft Exchange Server 2010 SP3 Rollup 20, Exchange Server 2013 CU18 and CU19, Exchange Server 2013 SP1, and Exchange Server 2016 CU7 and CU8.
Can CVE-2018-0940 lead to data breaches?
Yes, CVE-2018-0940 could potentially allow attackers to gain unauthorized access to sensitive data.
Is there a workaround for CVE-2018-0940?
While the best mitigation for CVE-2018-0940 is updating to the latest version, temporarily disabling certain features may reduce risk until a patch is applied.

agent/type
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/author
agent/references
agent/remedy
agent/description
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/microsoft
canonical/microsoft exchange server
version/microsoft exchange server/2010-sp3_rollup20
version/microsoft exchange server/2013-cumulative_update_18
version/microsoft exchange server/2013-cumulative_update_19
version/microsoft exchange server/2013-sp1
version/microsoft exchange server/2016-cumulative_update_7
version/microsoft exchange server/2016-cumulative_update_8

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.